Description
An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker with high privileges could abuse these interfaces to perform unauthorized operations. Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition. The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted. No impact to the subsequent system has been identified.
Published: 2026-04-08
Score: 7 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege escalation and denial of service
Action: Apply Patch
AI Analysis

Impact

The MxGeneralIo utility for Moxa’s industrial x86 computers exposes IOCTL interfaces that allow direct read and write access to MSR registers and system memory without sufficient access control. A local attacker who already has high privileges can exploit these interfaces to read sensitive data, modify memory, and perform unauthorized operations. Successful exploitation can result in privilege escalation on Windows 7 systems or trigger a system crash (BSOD) on Windows 10 and Windows 11, effectively causing a denial‑of‑service condition. The flaw may also slightly affect the confidentiality and integrity of the device, although no further impact downstream has been identified.

Affected Systems

Affected systems include any installation of the MxGeneralIo utility on Moxa x86 industrial computers running Windows 7 (both x86 and x64), Windows 10, or Windows 11. The CVE entry does not list specific utility versions, so any version of the utility on those platforms is potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.0 indicates a medium to high severity. Exploitation requires local access with high privileges, so the likelihood of attack in the wild may be limited. EPSS data is not available, but the vulnerability is not listed in the CISA KEV catalog. Because a successful exploit can lead to a system crash on newer Windows editions and produce privilege escalation on Windows 7, the potential impact on availability and security remains significant. Administrators should treat this issue as a priority for patching.

Generated by OpenCVE AI on April 8, 2026 at 08:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the official Moxa patch for MxGeneralIo
  • Verify that the patched version of MxGeneralIo is installed on all affected systems
  • Reboot the systems after patch deployment to ensure the patch takes effect

Generated by OpenCVE AI on April 8, 2026 at 08:50 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 20:15:00 +0000

Type Values Removed Values Added
Title Exposed IOCTL in MxGeneralIo Utility Enables Privilege Escalation and DoS

Wed, 08 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 08 Apr 2026 07:45:00 +0000

Type Values Removed Values Added
Description An exposed IOCTL with an  insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker with high privileges could abuse these interfaces to perform unauthorized operations. Successful exploitation may result in privilege escalation on Windows 7 systems or cause a system crash (BSoD) on Windows 10 and 11 systems, leading to a denial-of-service condition. The vulnerability could slightly affect the confidentiality and integrity of the device, but availability might be heavily impacted. No impact to the subsequent system has been identified.
First Time appeared Moxa
Moxa mxgeneralio
Weaknesses CWE-782
CPEs cpe:2.3:a:moxa:mxgeneralio:*:*:windows_10:*:*:*:*:*
cpe:2.3:a:moxa:mxgeneralio:*:*:windows_11:*:*:*:*:*
cpe:2.3:a:moxa:mxgeneralio:*:*:windows_7_x64:*:*:*:*:*
cpe:2.3:a:moxa:mxgeneralio:*:*:windows_7_x86:*:*:*:*:*
Vendors & Products Moxa
Moxa mxgeneralio
References
Metrics cvssV4_0

{'score': 7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Moxa Mxgeneralio
cve-icon MITRE

Status: PUBLISHED

Assigner: Moxa

Published:

Updated: 2026-04-08T13:53:26.094Z

Reserved: 2026-03-20T06:25:28.602Z

Link: CVE-2026-4483

cve-icon Vulnrichment

Updated: 2026-04-08T13:53:22.446Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-04-08T08:16:24.007

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-4483

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-08T19:43:30Z

Weaknesses